Corpus ID: 14752398

An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack

  title={An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack},
  author={Siegfried Rasthofer and Irfan Asrar and Stephan Huber and Eric Bodden},
We report on a new threat campaign, underway in Korea, which infected around 20,000 Android users within two months. [...] Key Method We highlight various challenges for automatic malware analysis frameworks that significantly hinder the fully automatic detection of malicious components in the mal- ware. Furthermore, the malware exploits a previously unknown tapjacking vulnerability in the Android operating system, which we describe in detail. As a result of this work, the vulnerability, affecting all Android…Expand
How Current Android Malware Seeks to Evade Automated Code Analysis
A detailed investigation of the Android malware resulted in the identification of a new Android malware family Android/BadAccents, which represents current state-of-the-art in mobile malware development for banking trojans and highlights various challenges for automatic malware analysis frameworks that significantly hinder the fully automatic detection of malicious components in current Android malware. Expand
A Framework for Detecting and Countering Android UI Attacks via Inspection of IPC Traffic
This work presents a framework for detecting and countering deceptive user interface attacks on the Android platform via inspection and analysis of inter-process communication transactions in the operating system. Expand
DroidPill: Pwn Your Daily-Use Apps
DroidPill is built, a framework for malware creation that employs the app virtualization technique and the design flaws in Android to achieve such attacks with free apps to take full control of benign apps and their resources without device root or privilege escalation. Expand
Understanding and Detecting Overlay-based Android Malware at Market Scales
OverlayChecker is built, a system that is able to automatically detect overlay-based malware at market scales and reveals a set of suspicious overlay properties strongly correlated with the malice of apps, including several novel features. Expand
Black box analysis of android malware detectors
This research obfuscates selected features of known Android malware samples and discovers which features are most significant for various sets of Android malware detectors, in effect, performing a black box analysis of these detectors. Expand
Structural analysis and detection of android botnets using machine learning techniques
A structural analysis-based learning framework, which adopts machine learning techniques to classify botnets and benign applications using the botnet characteristics-related unique patterns of requested permissions and used features, which shows that the support vector machine classifier performs well compared to other classification algorithms. Expand
In pursuit of a secure UI: The cycle of breaking and fixing Android’s UI
Focusing on the Android OS, this paper highlights previous and current UI-based attack vectors and finishes with an overview of security mechanisms, covering both system-wide as well as app-level protection measures. Expand
Using Context and Interactions to Verify User-Intended Network Requests
Verified Intention (VInt), which ensures a network request, as received by a service, is user-intended, is proposed, which is based on "seeing what the user sees" (context). Expand
APSL : langage de spécification des politiques de sécurité basées sur le contexte pour le contrôle des applications Android
Vu l'importance des donnees personnelles des utilisateurs des smartphones, elles font, malheureusement, l'objet d'une convoitise incessante de la part des pirates. Si la vigilance quant a laExpand


An Android Application Sandbox system for suspicious software detection
An Android Application Sandbox (AASandbox) is proposed which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications and might be used to improve the efficiency of classical anti-virus applications available for the Android operating system. Expand
Rage against the virtual machine: hindering dynamic analysis of Android malware
A broad range of anti-analysis techniques that malware can employ to evade dynamic analysis in emulated Android environments are presented and possible countermeasures are proposed to improve the resistance of current dynamic analysis tools against evasion attempts. Expand
Dissecting Android Malware: Characterization and Evolution
Systematize or characterize existing Android malware from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Expand
ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors
This paper presents ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps that combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage. Expand
DroidChameleon: evaluating Android anti-malware against transformation attacks
This paper evaluates the state-of-the-art commercial mobile antimalware products for Android and test how resistant they are against various common obfuscation techniques and proposes possible remedies for improving the current state of malware detection on mobile devices. Expand
Automatic analysis of malware behavior using machine learning
An incremental approach for behavior-based analysis, capable of processing the behavior of thousands of malware binaries on a daily basis is proposed, significantly reduces the run-time overhead of current analysis methods, while providing accurate discovery and discrimination of novel malware variants. Expand
Droid Analytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware
The design and implementation of DroidAnalytics are presented, a signature based analytic system to automatically collect, manage, analyze and extract android malware, and the system facilitates analysts to retrieve, associate and reveal malicious logics at the "opcode level". Expand
Mobile-sandbox: having a deeper look into android applications
Mobile-Sandbox is presented, a system designed to automatically analyze Android applications in two novel ways: it combines static and dynamic analysis, i.e., results of static analysis are used to guide dynamic analysis and extend coverage of executed code, and it uses specific techniques to log calls to native APIs. Expand
FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
FlowDroid is presented, a novel and highly precise static taint analysis for Android applications that successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project. Expand
AndRadar: Fast Discovery of Android Applications in Alternative Markets
Findings indicate that alternative markets host a large number of ad-aggressive apps, a non-negligible amount of malware, and some markets even allow authors to publish known malicious apps without prompt action. Expand